parsing original SMTP not working properly? - SpamAssassin


  1. parsing original SMTP not working properly?

    Hi,

    I might have hitten a bug in the way SA parses out the original SMTP host.
    I send and email from my mail client (to myself) through the SMTP server of
    GMX. SA thinks the Mail was sent directly from my computer (i.e. my
    dsl-routers IP) without using GMXs SMTP server.

    SPF_FAIL, RCVD_IN_PBL RBL, RCVD_IN_XBL RBL, RCVD_IN_SORBS_DUL and RDNS_DYNAMIC
    seem to think 85.55.41.198 was the SMTP server - which is wrong. 85.55.41.198
    is the IP my dsl-router uses to connect to the Internet.

    Am I understanding / have configured something wrong here or did I indeed hi a
    bug? If so - shall I open a bugreport, post this to the dev-list or how to
    proceed?



    Full headers:

    Return-Path:
    X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on momo.seclinet.org
    X-Spam-Level: ****
    X-Spam-Status: No, score=4.3 required=5.0
    tests=AWL,BAYES_40,RCVD_IN_PBL,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,RDNS_DYNAMIC,SPF_FAIL,TVD_SPACE_RATIO
    autolearn=no
    bayes=0.2760
    language=
    report:
    * 0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
    * [85.55.41.198 listed in zen.spamhaus.org]
    * 3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
    * 0.9 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP
    address
    * [85.55.41.198 listed in dnsbl.sorbs.net]
    * 0.7 SPF_FAIL SPF: sender does not match SPF record (fail)
    * [SPF failed: Please see
    http://www.openspf.org/Why?s=mfrom&i....seclinet.org]
    * -0.2 BAYES_40 BODY: Bayesian spam probability is 20 to 40%
    * [score: 0.2760]
    * 2.2 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO
    * 0.1 RDNS_DYNAMIC Delivered to trusted network by host with
    * dynamic-looking rDNS
    * -3.4 AWL AWL: From: address is in the auto white-list
    X-Flags: 0000
    Delivered-To: GMX delivery to seclinet@gmx.net
    Received: by localhost (fdm 1.5, account "gmx");
    Mon, 14 Jul 2008 01:04:12 +0200
    Received: (qmail 6881 invoked by alias); 13 Jul 2008 22:29:06 -0000
    Delivered-To: GMX delivery to anyaddress@gmx.net
    Received: (qmail invoked by alias); 13 Jul 2008 22:29:06 -0000
    Received: from 198.pool85-55-41.dynamic.orange.es (EHLO [192.168.0.25])
    [85.55.41.198]
    by mail.gmx.net (mp004) with SMTP; 14 Jul 2008 00:29:06 +0200
    X-Authenticated: #8384405
    X-Provags-ID: V01U2FsdGVkX1/KEJsVuZLKMG4BVaXLiJgyzPl76GsqwvYJeDn+q7
    XuSbVqmMorwDIp
    From: Tom Fernandes
    To: Tom Fernandes
    Subject: test-procmail
    Date: Mon, 14 Jul 2008 00:29:04 +0200
    User-Agent: KMail/1.9.9
    MIME-Version: 1.0
    Content-Type: text/plain;
    charset="utf-8"
    Content-Transfer-Encoding: 7bit
    Content-Disposition: inline
    Message-Id: <200807140029.04272.anyaddress@gmx.net>
    X-FuHaFi: 0.00
    X-GMX-Antivirus: 0 (no virus found)
    X-GMX-Antispam: -2 (not scanned, spam filter disabled)
    X-Resent-By: Forwarder
    X-Resent-For: anyaddress@gmx.net
    X-Resent-To: seclinet@gmx.net
    X-GMX-UID: /PQbLLcNa0AodebBJTAzUog3Njh6dE7a
    X-Length: 2321
    X-UID: 1521



    thanks,


    Tom


  2. Re: parsing original SMTP not working properly?

    Tom Fernandes wrote:
    > Hi,
    >
    > I might have hit a bug in the way SA parses out the original SMTP host.
    > I sent an email from my mail client (to myself) through the SMTP server of
    > GMX. SA thinks the mail was sent directly from my computer (i.e. my
    > DSL router's IP) without using GMX's SMTP server.
    >
    > SPF_FAIL, RCVD_IN_PBL RBL, RCVD_IN_XBL RBL, RCVD_IN_SORBS_DUL and RDNS_DYNAMIC
    > seem to think 85.55.41.198 was the SMTP server - which is wrong. 85.55.41.198
    > is the IP my DSL router uses to connect to the Internet.
    >
    > Am I understanding / have configured something wrong here or did I indeed hit a
    > bug? If so - shall I open a bug report, post this to the dev-list or how to
    > proceed?
    >
    >
    >
    > Full headers:
    >
    > Return-Path:
    > X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on momo.seclinet.org
    > X-Spam-Level: ****
    > X-Spam-Status: No, score=4.3 required=5.0
    > tests=AWL,BAYES_40,RCVD_IN_PBL,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,RDNS_DYNAMIC,SPF_FAIL,TVD_SPACE_RATIO
    > autolearn=no
    > bayes=0.2760
    > language=
    > report:
    > * 0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
    > * [85.55.41.198 listed in zen.spamhaus.org]
    > * 3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
    > * 0.9 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP
    > address
    > * [85.55.41.198 listed in dnsbl.sorbs.net]
    > * 0.7 SPF_FAIL SPF: sender does not match SPF record (fail)
    > * [SPF failed: Please see
    > http://www.openspf.org/Why?s=mfrom&i....seclinet.org]
    > * -0.2 BAYES_40 BODY: Bayesian spam probability is 20 to 40%
    > * [score: 0.2760]
    > * 2.2 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO
    > * 0.1 RDNS_DYNAMIC Delivered to trusted network by host with
    > * dynamic-looking rDNS
    > * -3.4 AWL AWL: From: address is in the auto white-list
    > X-Flags: 0000
    > Delivered-To: GMX delivery to seclinet@gmx.net
    > Received: by localhost (fdm 1.5, account "gmx");
    > Mon, 14 Jul 2008 01:04:12 +0200
    > Received: (qmail 6881 invoked by alias); 13 Jul 2008 22:29:06 -0000
    > Delivered-To: GMX delivery to anyaddress@gmx.net
    > Received: (qmail invoked by alias); 13 Jul 2008 22:29:06 -0000
    > Received: from 198.pool85-55-41.dynamic.orange.es (EHLO [192.168.0.25])
    > [85.55.41.198]
    > by mail.gmx.net (mp004) with SMTP; 14 Jul 2008 00:29:06 +0200
    >


    so mail is received by mail.gmx.net, then by localhost. SA cannot guess
    that it is not running on mail.gmx.net ;-p)

    where is the Received header that shows that the message moved from gmx
    to your mail server?


  3. Re: parsing original SMTP not working properly?

    Hi,

    On Monday, 14. July 2008, mouss wrote:
    > Tom Fernandes wrote:
    > > Hi,
    > >
    > > I might have hit a bug in the way SA parses out the original SMTP
    > > host. I sent an email from my mail client (to myself) through the SMTP
    > > server of GMX. SA thinks the mail was sent directly from my computer
    > > (i.e. my DSL router's IP) without using GMX's SMTP server.
    > >
    > > SPF_FAIL, RCVD_IN_PBL RBL, RCVD_IN_XBL RBL, RCVD_IN_SORBS_DUL and
    > > RDNS_DYNAMIC seem to think 85.55.41.198 was the SMTP server - which is
    > > wrong. 85.55.41.198 is the IP my DSL router uses to connect to the
    > > Internet.
    > >
    > > Am I understanding / have configured something wrong here or did I indeed
    > > hit a bug? If so - shall I open a bug report, post this to the dev-list or
    > > how to proceed?
    > >
    > >
    > >
    > > Full headers:
    > >
    > > Return-Path:
    > > X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
    > > momo.seclinet.org X-Spam-Level: ****
    > > X-Spam-Status: No, score=4.3 required=5.0
    > > tests=AWL,BAYES_40,RCVD_IN_PBL,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,RDNS_DYNAMIC
    > >,SPF_FAIL,TVD_SPACE_RATIO autolearn=no
    > > bayes=0.2760
    > > language=
    > > report:
    > > * 0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
    > > * [85.55.41.198 listed in zen.spamhaus.org]
    > > * 3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
    > > * 0.9 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic
    > > IP address
    > > * [85.55.41.198 listed in dnsbl.sorbs.net]
    > > * 0.7 SPF_FAIL SPF: sender does not match SPF record (fail)
    > > * [SPF failed: Please see
    > > http://www.openspf.org/Why?s=mfrom&i...ip=85.55.41.19
    > >8&r=momo.seclinet.org] * -0.2 BAYES_40 BODY: Bayesian spam probability is
    > > 20 to 40% * [score: 0.2760]
    > > * 2.2 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO
    > > * 0.1 RDNS_DYNAMIC Delivered to trusted network by host with
    > > * dynamic-looking rDNS
    > > * -3.4 AWL AWL: From: address is in the auto white-list
    > > X-Flags: 0000
    > > Delivered-To: GMX delivery to seclinet@gmx.net
    > > Received: by localhost (fdm 1.5, account "gmx");
    > > Mon, 14 Jul 2008 01:04:12 +0200
    > > Received: (qmail 6881 invoked by alias); 13 Jul 2008 22:29:06 -0000
    > > Delivered-To: GMX delivery to anyaddress@gmx.net
    > > Received: (qmail invoked by alias); 13 Jul 2008 22:29:06 -0000
    > > Received: from 198.pool85-55-41.dynamic.orange.es (EHLO [192.168.0.25])
    > > [85.55.41.198]
    > > by mail.gmx.net (mp004) with SMTP; 14 Jul 2008 00:29:06 +0200

    >
    > so mail is received by mail.gmx.net, then by localhost. SA cannot guess
    > that it is not running on mail.gmx.net ;-p)
    >
    > where is the Received header that shows that the message moved from gmx
    > to your mail server?


    Not sure if I get you right. The way of the mail is the following:

    MUA (kmail) -> GMX's SMTP server -> GMX forwards it from anyaddress@gmx.net to
    seclinet@gmx.net (I have set it like this in my account preferences at
    GMX) -> fdm (which is similar to fetchmail) fetches the mail via pop3 ->
    procmail (gets fed by fdm) -> spamassassin (called from procmail as first
    rule).

    But to answer your question:

    Received: by localhost (fdm 1.5, account "gmx");
    Mon, 14 Jul 2008 01:04:12 +0200

    is the header you are asking for - if I understood you correctly.



    Tom


  4. Re: parsing original SMTP not working properly?

    Tom Fernandes wrote:
    > [snip]
    > Not sure if I get you right. The way of the mail is the following:
    >
    > MUA (kmail) -> GMX's SMTP server -> GMX forwards it from anyaddress@gmx.net to
    > seclinet@gmx.net (I have set it like this in my account preferences at
    > GMX) -> fdm (which is similar to fetchmail) fetches the mail via pop3 ->
    > procmail (gets fed by fdm) -> spamassassin (called from procmail as first
    > rule).
    >
    > But to answer your question:
    >
    > Received: by localhost (fdm 1.5, account "gmx");
    > Mon, 14 Jul 2008 01:04:12 +0200
    >
    > is the header you are asking for - if I understood you correctly.
    >


    I guess that's the problem. I don't think SA handles fdm.


  5. Re: parsing original SMTP not working properly?

    Hi,

    On Tuesday, 15. July 2008, mouss wrote:
    > Tom Fernandes wrote:
    > > [snip]
    > > Not sure if I get you right. The way of the mail is the following:
    > >
    > > MUA (kmail) -> GMX's SMTP server -> GMX forwards it from
    > > anyaddress@gmx.net to seclinet@gmx.net (I have set it like this in my
    > > account preferences at GMX) -> fdm (which is similar to fetchmail)
    > > fetches the mail via pop3 -> procmail (gets fed by fdm) -> spamassassin
    > > (called from procmail as first rule).
    > >
    > > But to answer your question:
    > >
    > > Received: by localhost (fdm 1.5, account "gmx");
    > > Mon, 14 Jul 2008 01:04:12 +0200
    > >
    > > is the header you are asking for - if I understood you correctly.

    >
    > I guess that's the problem. I don't think SA handles fdm.


    Bug filed:

    https://issues.apache.org/SpamAssass...ug.cgi?id=5941

    let's see...


    thanks for your comments,


    Tom


  6. Re: parsing original SMTP not working properly?

    Hello Tom,

    On 2008-07-15 00:09:33, Tom Fernandes wrote:
    > But to answer your question:
    >
    > Received: by localhost (fdm 1.5, account "gmx");
    > Mon, 14 Jul 2008 01:04:12 +0200
    >
    > is the header you are asking for - if I understood you correctly.


    With fetchmail it is the same problem...

    Why do you not set a "silent" mode like in fetchmail, so "fdm" does not
    insert this "Received:" header?

    Thanks, Greetings and nice Day/Evening
    Michelle Konzack
    Systemadministrator
    24V Electronic Engineer
    Tamay Dogan Network
    Debian GNU/Linux Consultant


    --
    Linux-User #280138 with the Linux Counter, http://counter.li.org/
    ##################### Debian GNU/Linux Consultant #####################
    Michelle Konzack Apt. 917 ICQ #328449886
    +49/177/9351947 50, rue de Soultz MSN LinuxMichi
    +33/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)



  7. Re: parsing original SMTP not working properly?

    Michelle Konzack wrote:
    > Hello Tom,
    >
    > On 2008-07-15 00:09:33, Tom Fernandes wrote:
    >> But to answer your question:
    >>
    >> Received: by localhost (fdm 1.5, account "gmx");
    >> Mon, 14 Jul 2008 01:04:12 +0200
    >>
    >> is the header you are asking for - if I understood you correctly.

    >
    > With fetchmail it is the same problem...


    ahuh? I use fetchmail and I don't see this problem.

    >
    > Why do you not set a "silent" mode like in fetchmail, so "fdm" does not
    > insert this "Received:" header?


    doesn't solve the problem. he needs to _add_ a header so that SA doesn't
    consider his ISP as his own MTA.
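
The diagnosis in replies 2 and 7 can be reproduced with a simplified model of trust-boundary inference (an added example, not SpamAssassin's code and not from any poster): the newest Received hop that records a public client IP is treated as the hand-off into the recipient's own MTA. The host `pop.example.net` and address `192.0.2.10` are constructed placeholders for a fetch hop that records the POP3 server.

```python
import ipaddress
import re

# Received values from the thread, newest first, folded lines joined.
THREAD_CHAIN = [
    'by localhost (fdm 1.5, account "gmx"); Mon, 14 Jul 2008 01:04:12 +0200',
    '(qmail 6881 invoked by alias); 13 Jul 2008 22:29:06 -0000',
    '(qmail invoked by alias); 13 Jul 2008 22:29:06 -0000',
    'from 198.pool85-55-41.dynamic.orange.es (EHLO [192.168.0.25]) '
    '[85.55.41.198] by mail.gmx.net (mp004) with SMTP; '
    '14 Jul 2008 00:29:06 +0200',
]

# Constructed header: what a fetch hop looks like when it names the server
# it pulled from (hypothetical host, RFC 5737 documentation address).
FETCH_HOP = ('from pop.example.net [192.0.2.10] by localhost with POP3; '
             'Mon, 14 Jul 2008 01:04:12 +0200')

# Ranges that never identify a relay on the public Internet.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

COMMENT = re.compile(r"\([^()]*\)")
HOP = re.compile(r"^from\s+(\S+)\s+\[(\d{1,3}(?:\.\d{1,3}){3})\]\s+by\s+(\S+)")


def parse_hop(value):
    """Return rdns/ip/by for a hop that records a client IP, else None."""
    # Drop (comments) first: the EHLO literal [192.168.0.25] sits inside one
    # and must not be mistaken for the connecting address.
    bare = " ".join(COMMENT.sub(" ", value).split())
    m = HOP.match(bare)
    if not m:
        return None
    return {"rdns": m.group(1), "ip": ipaddress.ip_address(m.group(2)),
            "by": m.group(3)}


def boundary(chain):
    """Return (assumed own MTA, last external relay IP) for a header chain."""
    for value in chain:  # newest hop first
        hop = parse_hop(value)
        if hop and not any(hop["ip"] in net for net in NON_PUBLIC):
            return hop["by"], str(hop["ip"])
    return None


if __name__ == "__main__":
    print(boundary(THREAD_CHAIN))                   # headers as posted
    print(boundary([FETCH_HOP] + THREAD_CHAIN[1:])) # fetch hop names its server
```

With the headers as posted, the only hop carrying a client IP is the submission from the DSL address to mail.gmx.net, so that address is what the network tests see; once the fetch hop names the server it pulled from, the boundary moves to that hop.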

